diff --git a/app/controllers/api/fasp/base_controller.rb b/app/controllers/api/fasp/base_controller.rb index f786ea1767f..a05d0049bab 100644 --- a/app/controllers/api/fasp/base_controller.rb +++ b/app/controllers/api/fasp/base_controller.rb @@ -47,7 +47,7 @@ class Api::Fasp::BaseController < ApplicationController provider = nil Linzer.verify!(request.rack_request, no_older_than: 5.minutes) do |keyid| - provider = Fasp::Provider.find(keyid) + provider = Fasp::Provider.confirmed.find(keyid) Linzer.new_ed25519_public_key(provider.provider_public_key_pem, keyid) end diff --git a/app/models/fasp/provider.rb b/app/models/fasp/provider.rb index 37d0b581ca1..65a60846506 100644 --- a/app/models/fasp/provider.rb +++ b/app/models/fasp/provider.rb @@ -34,6 +34,7 @@ class Fasp::Provider < ApplicationRecord before_create :create_keypair after_commit :update_remote_capabilities + scope :confirmed, -> { where(confirmed: true) } scope :with_capability, lambda { |capability_name| where('fasp_providers.capabilities @> ?::jsonb', "[{\"id\": \"#{capability_name}\", \"enabled\": true}]") } diff --git a/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb b/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb index 2d1f1d64170..6306fdb02fe 100644 --- a/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb +++ b/spec/requests/api/fasp/data_sharing/v0/backfill_requests_spec.rb @@ -6,34 +6,33 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::BackfillRequests', feature: :fasp do include ProviderRequestHelper describe 'POST /api/fasp/data_sharing/v0/backfill_requests' do - let(:provider) { Fabricate(:fasp_provider) } + subject do + post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json + end + + let(:provider) { Fabricate(:confirmed_fasp) } + let(:params) { { category: 'content', maxCount: 10 } } + let(:headers) do + request_authentication_headers(provider, + url: api_fasp_data_sharing_v0_backfill_requests_url, + method: :post, + body: params) + end + + it_behaves_like 'forbidden for unconfirmed provider' context 'with valid parameters' do it 'creates a new backfill request' do - params = { category: 'content', maxCount: 10 } - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_backfill_requests_url, - method: :post, - body: params) - - expect do - post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json - end.to change(Fasp::BackfillRequest, :count).by(1) + expect { subject }.to change(Fasp::BackfillRequest, :count).by(1) expect(response).to have_http_status(201) end end context 'with invalid parameters' do + let(:params) { { category: 'unknown', maxCount: 10 } } + it 'does not create a backfill request' do - params = { category: 'unknown', maxCount: 10 } - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_backfill_requests_url, - method: :post, - body: params) - - expect do - post api_fasp_data_sharing_v0_backfill_requests_path, headers:, params:, as: :json - end.to_not change(Fasp::BackfillRequest, :count) + expect { subject }.to_not change(Fasp::BackfillRequest, :count) expect(response).to have_http_status(422) end end diff --git a/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb b/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb index 59ab44d0c4a..12ce5124b06 100644 --- a/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb +++ b/spec/requests/api/fasp/data_sharing/v0/continuations_spec.rb @@ -6,15 +6,22 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::Continuations', feature: :fasp do include ProviderRequestHelper describe 'POST /api/fasp/data_sharing/v0/backfill_requests/:id/continuations' do - let(:backfill_request) { Fabricate(:fasp_backfill_request) } - let(:provider) { backfill_request.fasp_provider } + subject do + post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json + end - it 'queues a job to continue the given backfill request' do - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request), - method: :post) + let(:provider) { Fabricate(:confirmed_fasp) } + let(:backfill_request) { Fabricate(:fasp_backfill_request, fasp_provider: provider) } + let(:headers) do + request_authentication_headers(provider, + url: api_fasp_data_sharing_v0_backfill_request_continuation_url(backfill_request), + method: :post) + end - post api_fasp_data_sharing_v0_backfill_request_continuation_path(backfill_request), headers:, as: :json + it_behaves_like 'forbidden for unconfirmed provider' + + it 'queues a job to continue the given backfill request' do + subject expect(response).to have_http_status(204) expect(Fasp::BackfillWorker).to have_enqueued_sidekiq_job(backfill_request.id) end diff --git a/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb b/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb index beab9e326f5..4b7ec5d59ca 100644 --- a/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb +++ b/spec/requests/api/fasp/data_sharing/v0/event_subscriptions_spec.rb @@ -6,51 +6,57 @@ RSpec.describe 'Api::Fasp::DataSharing::V0::EventSubscriptions', feature: :fasp include ProviderRequestHelper describe 'POST /api/fasp/data_sharing/v0/event_subscriptions' do - let(:provider) { Fabricate(:fasp_provider) } + subject do + post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json + end + + let(:provider) { Fabricate(:confirmed_fasp) } + let(:params) { { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 } } + let(:headers) do + request_authentication_headers(provider, + url: api_fasp_data_sharing_v0_event_subscriptions_url, + method: :post, + body: params) + end + + it_behaves_like 'forbidden for unconfirmed provider' context 'with valid parameters' do it 'creates a new subscription' do - params = { category: 'content', subscriptionType: 'lifecycle', maxBatchSize: 10 } - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_event_subscriptions_url, - method: :post, - body: params) - expect do - post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json + subject end.to change(Fasp::Subscription, :count).by(1) expect(response).to have_http_status(201) end end context 'with invalid parameters' do - it 'does not create a subscription' do - params = { category: 'unknown' } - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_event_subscriptions_url, - method: :post, - body: params) + let(:params) { { category: 'unknown' } } - expect do - post api_fasp_data_sharing_v0_event_subscriptions_path, headers:, params:, as: :json - end.to_not change(Fasp::Subscription, :count) + it 'does not create a subscription' do + expect { subject }.to_not change(Fasp::Subscription, :count) expect(response).to have_http_status(422) end end end describe 'DELETE /api/fasp/data_sharing/v0/event_subscriptions/:id' do - let(:subscription) { Fabricate(:fasp_subscription) } - let(:provider) { subscription.fasp_provider } + subject do + delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json + end - it 'deletes the subscription' do - headers = request_authentication_headers(provider, - url: api_fasp_data_sharing_v0_event_subscription_url(subscription), - method: :delete) + let(:provider) { Fabricate(:confirmed_fasp) } + let!(:subscription) { Fabricate(:fasp_subscription, fasp_provider: provider) } + let(:headers) do + request_authentication_headers(provider, + url: api_fasp_data_sharing_v0_event_subscription_url(subscription), + method: :delete) + end + + it_behaves_like 'forbidden for unconfirmed provider' - expect do - delete api_fasp_data_sharing_v0_event_subscription_path(subscription), headers:, as: :json - end.to change(Fasp::Subscription, :count).by(-1) + it 'deletes the subscription' do + expect { subject }.to change(Fasp::Subscription, :count).by(-1) expect(response).to have_http_status(204) end end diff --git a/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb b/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb index 58c5e8897b4..bcd6b74f79d 100644 --- a/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb +++ b/spec/requests/api/fasp/debug/v0/callback/responses_spec.rb @@ -6,18 +6,23 @@ RSpec.describe 'Api::Fasp::Debug::V0::Callback::Responses', feature: :fasp do include ProviderRequestHelper describe 'POST /api/fasp/debug/v0/callback/responses' do - let(:provider) { Fabricate(:debug_fasp) } + subject do + post api_fasp_debug_v0_callback_responses_path, headers:, params: payload, as: :json + end - it 'create a record of the callback' do - payload = { test: 'call' } - headers = request_authentication_headers(provider, - url: api_fasp_debug_v0_callback_responses_url, - method: :post, - body: payload) + let(:provider) { Fabricate(:confirmed_fasp) } + let(:payload) { { test: 'call' } } + let(:headers) do + request_authentication_headers(provider, + url: api_fasp_debug_v0_callback_responses_url, + method: :post, + body: payload) + end - expect do - post api_fasp_debug_v0_callback_responses_path, headers:, params: payload, as: :json - end.to change(Fasp::DebugCallback, :count).by(1) + it_behaves_like 'forbidden for unconfirmed provider' + + it 'create a record of the callback' do + expect { subject }.to change(Fasp::DebugCallback, :count).by(1) expect(response).to have_http_status(201) debug_callback = Fasp::DebugCallback.last diff --git a/spec/support/examples/fasp/api.rb b/spec/support/examples/fasp/api.rb new file mode 100644 index 00000000000..6d28933c6e8 --- /dev/null +++ b/spec/support/examples/fasp/api.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +RSpec.shared_examples 'forbidden for unconfirmed provider' do + context 'when the requesting provider is unconfirmed' do + let(:provider) { Fabricate(:fasp_provider) } + + it 'returns http unauthorized' do + subject + + expect(response).to have_http_status(401) + end + end +end diff --git a/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb b/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb index 0d4a8708757..f3917d0d53e 100644 --- a/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb +++ b/spec/workers/fasp/announce_account_lifecycle_event_worker_spec.rb @@ -6,10 +6,11 @@ RSpec.describe Fasp::AnnounceAccountLifecycleEventWorker do include ProviderRequestHelper let(:account_uri) { 'https://masto.example.com/accounts/1' } + let(:provider) { Fabricate(:confirmed_fasp) } let(:subscription) do - Fabricate(:fasp_subscription, category: 'account') + Fabricate(:fasp_subscription, fasp_provider: provider, category: 'account') end - let(:provider) { subscription.fasp_provider } + let!(:stubbed_request) do stub_provider_request(provider, method: :post, diff --git a/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb b/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb index 60618607c95..6f7b44e67f4 100644 --- a/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb +++ b/spec/workers/fasp/announce_content_lifecycle_event_worker_spec.rb @@ -6,10 +6,11 @@ RSpec.describe Fasp::AnnounceContentLifecycleEventWorker do include ProviderRequestHelper let(:status_uri) { 'https://masto.example.com/status/1' } + let(:provider) { Fabricate(:confirmed_fasp) } let(:subscription) do - Fabricate(:fasp_subscription) + Fabricate(:fasp_subscription, fasp_provider: provider) end - let(:provider) { subscription.fasp_provider } + let!(:stubbed_request) do stub_provider_request(provider, method: :post, diff --git a/spec/workers/fasp/announce_trend_worker_spec.rb b/spec/workers/fasp/announce_trend_worker_spec.rb index 799d8a8f48a..f63121640b9 100644 --- a/spec/workers/fasp/announce_trend_worker_spec.rb +++ b/spec/workers/fasp/announce_trend_worker_spec.rb @@ -6,14 +6,15 @@ RSpec.describe Fasp::AnnounceTrendWorker do include ProviderRequestHelper let(:status) { Fabricate(:status) } + let(:provider) { Fabricate(:confirmed_fasp) } let(:subscription) do Fabricate(:fasp_subscription, + fasp_provider: provider, category: 'content', subscription_type: 'trends', threshold_timeframe: 15, threshold_likes: 2) end - let(:provider) { subscription.fasp_provider } let!(:stubbed_request) do stub_provider_request(provider, method: :post, diff --git a/spec/workers/fasp/backfill_worker_spec.rb b/spec/workers/fasp/backfill_worker_spec.rb index 43734e02bac..18770876746 100644 --- a/spec/workers/fasp/backfill_worker_spec.rb +++ b/spec/workers/fasp/backfill_worker_spec.rb @@ -5,8 +5,10 @@ require 'rails_helper' RSpec.describe Fasp::BackfillWorker do include ProviderRequestHelper - let(:backfill_request) { Fabricate(:fasp_backfill_request) } - let(:provider) { backfill_request.fasp_provider } + subject { described_class.new.perform(backfill_request.id) } + + let(:provider) { Fabricate(:confirmed_fasp) } + let(:backfill_request) { Fabricate(:fasp_backfill_request, fasp_provider: provider) } let(:status) { Fabricate(:status) } let!(:stubbed_request) do stub_provider_request(provider,